Network Security
Define a Tunnel Monitoring Profile
Table of Contents
Define a Tunnel Monitoring Profile
| Where Can I Use This? | What Do I Need? |
|---|---|
| No license required |
A tunnel monitoring profile allows you to
verify connectivity between the VPN peers; you can configure the
tunnel interface to ping a destination IP address at a specified
interval and specify the action if the communication across the
tunnel is broken.
- Select . A default tunnel monitoring profile is available for use.Click Add, and enter a Name for the profile.Select the Action to take if the destination IP address is unreachable.
- Wait Recover—the firewall waits for the tunnel to recover. It continues to use the tunnel interface in routing decisions as if the tunnel were still active.
- Fail Over—forces traffic to a secondary path if one is available. The firewall disables the tunnel interface, and thereby disables any routes in the routing table that use the interface.
In either case, the firewall attempts to accelerate the recovery by negotiating new IPSec keys.Specify the Interval (sec) and Threshold to trigger the specified action.- Threshold specifies the number of heartbeats to wait before taking the specified action (range is 2-100; default is 5).
- Interval (sec) specifies the time (in seconds) between heartbeats (range is 2-10; default is 3).
Attach the monitoring profile to the IPSec tunnel configuration.- When you Add a new tunnel configuration (), you can attach the monitoring profile that you created.
- On the General tab, select Show Advanced Options and enable Tunnel Monitor. You must assign an IP address to the tunnel interface for monitoring.
- Specify a Destination IP address on the other side of the tunnel to determine if the tunnel is working properly.
- Select the default tunnel monitoring Profile or the one you created to determine the action upon tunnel failure.
